at a glance

CHALLENGE
Effectively monitor traffic, secure content and provide security for Ireland’s nationwide schools network.

ANSWER
Palo Alto Networks Security Operating Platform, including two PA-7080 next-generation firewalls with Threat Prevention, URL Filtering (PAN-DB) and WildFire subscriptions.

RESULTS

  • Improves threat detection.
  • Offers vital flexibility to meet the needs of 4,000 schools.
  • Delivers 30 Gbps traffic throughput.
  • Deals with a peak of 600,000 TCP sessions a day.
  • Provides the scalability to meet growth demands for the next four years.
  • Supports more than 1 million students and teachers.

HEAnet is Ireland’s National Education and Research Network, providing broadband connectivity as well as information and communications technology services for education and research organizations across Ireland. Its shared services support some 4,000 schools and colleges, and more than 1 million students and staff.

Funded by the Irish government’s Department of Education and the Higher Education Authority, HEAnet’s connectivity and ICT shared services must be properly secured and monitored, with appropriate levels of security.

“Content security is key,” says Liam Kennedy, project manager for the schools’ network at HEAnet. “We need to give schools a level of assurance that their users aren’t accessing information they shouldn’t be accessing. There are a range of URL categories that are blocked within Irish schools, and it is Department of Education policy that students don’t access this content.”

For HEAnet, this is a complex task that requires considerable flexibility. Primary schools may require different access policies from secondary schools, which are different again from further education colleges. Some schools allow a certain amount of social networking while others ban it. Other challenges include the ability to cope with usage spikes, bring-your-own-device policies, the increasing use of smartphones and other personal devices, and growth in classroom technology, all contributing to a dramatic increase in network traffic.

To respond to these challenges, HEAnet needed a partner that could provide powerful technology backed by effective support, and a few years ago, it decided to use Palo Alto Networks® PA-5000 Series next-generation firewalls to support its needs. So when HEAnet looked at upgrading its systems recently, it issued a European tender considering various options, a process that was won by Palo Alto Networks and its Irish partner, Threatscape®. In proof-of-concept trials, the Palo Alto Networks Next-Generation Firewall exceeded expectations, and HEAnet upgraded to the more powerful Palo Alto Networks PA-7000 Series, increasing scope from 15 Gbps to 30 Gbps – with the ability to upgrade further to 100 Gbps – and dealing with a peak of 600,000 individual connections on a typical day.

“We had a set of functionality requirements regarding content security and threat management. We needed a system that would support 30 Gbps throughput and would fit into our systems without redesign. Good support, scalability and cost were key elements in the decision to continue to invest in our future with Palo Alto Networks,” explains Kennedy.

The new HEAnet platform consists of two top-of-the-range PA-7080 next-generation firewalls deployed in separate data centers – one live and one backup. Each contains three Network Processing Cards. The organization also subscribes to Palo Alto Networks URL Filtering with PAN-DB. Dublin distributor NextGen, which also delivers ongoing first-line support, provided implementation services.

The Palo Alto Networks Security Operating Platform enables HEAnet to filter websites via URL Filtering, either allowing or blocking web users’ access by checking addresses against a pre-categorized central database, thus providing a safe internet environment. The Palo Alto Networks Next-Generation Firewall allows HEAnet to access the latest innovations of the Security Operating Platform, enabling the organization to prevent cyberthreats by harnessing intelligence gathered from thousands of customers. Threat Prevention protects networks from advanced threats by identifying and scanning all traffic across all ports and protocols. The WildFire® cloud-based threat analysis service delivers protections against newly discovered malware every five minutes, preventing successful cyberattacks against the HEAnet network.

“The Security Operating Platform delivers the flexibility we need, and we’ve been very happy with its ability to identify specific traffic flows. Our systems analyze everything, and once they’ve identified the different kinds of traffic, we can apply policies to them,” says Kennedy. “Traffic visibility is a key benefit. It ensures a level of control and provides schools the assurance that traffic is being properly secured and students are being protected.” The linear scalability the PA-7000 Series offers – up to 100 Gbps, with new blades easily added – is another major benefit. “HEAnet’s new platform will cope with anticipated growth for the next four years,” says Kennedy.

Great Visibility and Support

Ease of management is also important, Kennedy explains. “We have a relatively small team, so we don’t do things manually. The ability to configure automatically gives us great visibility of what the systems are doing. We can take information out of our database and push it into the Palo Alto Networks platform via the platform’s excellent API on a regular basis. If schools need to make changes to the way their filtering is carried out, our support desk can do that through a console.”

Kennedy is impressed with the support provided by Palo Alto Networks, particularly in identifying applications that are not immediately recognized.

He concludes: “The Palo Alto Networks Next-Generation Firewall does what it’s supposed to do. The support from Palo Alto Networks is excellent, and we will be using them for the foreseeable future. This support allows us to continually upgrade schools without having to worry if we have the required security capacity. Firewalls and content security are tricky things to get right. Palo Alto Networks has done a great job.”


 
